How Facebook Inadvertently Exposed China's Giant Hacking Ring

The recent Mandiant report fingered China as the culprit behind a concerted effort to hack U.S. companies and infrastructure. Hackers had illegally appropriated billions of bytes, full terabytes of proprietary information. Words like “sophisticated” and “well-organised” and “state-sponsored” flew around the airwaves.

Tim Simonite of MIT Technology Review thinks, however, that these guys were “sloppy.”

From MIT Tech Review:

Many tactics discovered that way seem poor choices for a group whose work depends on avoiding detection. Operatives were seen to routinely log into Facebook, Twitter, and Gmail accounts using their victims’ computers.

Mandiant says the hackers would log in to Facebook, Twitter, and Gmail from infected computers. Once logged in, they would send the spear-phishing attacks that were the basis of their espionage.

As it happened, those computers were also being monitored by Mandiant. The company would watch the hackers log in and steal their passwords, which it in turn used to track and expose certain Chinese hackers in its report.

It should be noted, though, that the above description is just one of many ways Mandiant tracked China’s hackers.

Also, Mandiant says the hackers used this tactic to avoid the “Great Firewall of China,” which Simonite says is strange, considering China’s hacking outfit should have permissions freeing them from the wall.

It’s possible Mandiant did not want to reveal too much about how it tracked the hacking outfit — the cyber security firm warned upon release of the report that China would quickly adjust their efforts to avoid detection.